{% extends 'base/base.html' %}
{% load static %}
{% load humanize %}
{% load custom_tags %}
{% block title %}
All Vulnerabilities
{% endblock title %}

{% block custom_js_css_link %}
<link rel="stylesheet" type="text/css" href="{% static 'plugins/datatable/datatables.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'plugins/datatable/global.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'plugins/datatable/custom.css' %}">
<link href="{% static 'plugins/perfect-scrollbar/perfect-scrollbar.css' %}" rel="stylesheet" type="text/css" />
{% endblock custom_js_css_link %}

{% block main_content %}
<div class="row">
	{% include 'base/_items/vulnerability_tab_content.html' %}
</div>
{% endblock main_content %}


{% block page_level_script %}
<script src="{% static 'startScan/js/detail_scan.js' %}"></script>
<script src="{% static 'plugins/datatable/datatables.js' %}"></script>
<script src="{% static 'plugins/perfect-scrollbar/perfect-scrollbar.min.js' %}"></script>
<script src="//cdn.datatables.net/colreorder/1.5.2/js/dataTables.colReorder.min.js" charset="utf-8"></script>
<script src="{% static 'startScan/js/vulnerability-datatables-suggestions.js' %}"></script>
<script type="text/javascript">
$(document).ready(function() {
	const ps2 = new PerfectScrollbar(document.querySelector('.vulnerability-search'));
	var vulnerability_table = $('#vulnerability_results').DataTable({
		"destroy": true,
		"oLanguage": {
			"oPaginate": { "sPrevious": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-left"><line x1="19" y1="12" x2="5" y2="12"></line><polyline points="12 19 5 12 12 5"></polyline></svg>', "sNext": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-right"><line x1="5" y1="12" x2="19" y2="12"></line><polyline points="12 5 19 12 12 19"></polyline></svg>' },
			"sInfo": "Showing page _PAGE_ of _PAGES_",
			"sSearch": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"><circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line></svg>',
			"sSearchPlaceholder": "Search...",
			"sLengthMenu": "Results :  _MENU_",
		},
		"processing": true,
		"dom": "<'row'<'col-lg-12 col-md-12 col-12 mb-2'l>>" +
		"<'table-responsive'tr>" +
		"<'dt--bottom-section d-sm-flex justify-content-sm-between text-center'<'dt--pages-count  mb-sm-0 mb-3'i><'dt--pagination'p>>",
		"stripeClasses": [],
		"lengthMenu": [50, 100, 500, 1000],
		"pageLength": 50,
		'serverSide': true,
		{% if request.GET.domain %}
		"ajax": '/api/listVulnerability/?format=datatables&domain={{request.GET.domain}}',
		{% elif request.GET.vulnerability_name %}
		"ajax": '/api/listVulnerability/?format=datatables&vulnerability_name={{request.GET.vulnerability_name}}',
		{% elif request.GET.subdomain %}
		"ajax": '/api/listVulnerability/?format=datatables&subdomain={{request.GET.subdomain}}',
		{% else %}
		"ajax": '/api/listVulnerability/?format=datatables',
		{% endif %}
		"order": [[ 4, "desc" ]],
		"columns": [
			{'data': 'id'},
			{'data': 'type'},

			{'data': 'name'},
			{'data': 'cvss_metrics'},
			{'data': 'tags'},
			{'data': 'hackerone_report_id'},

			{'data': 'severity'},
			{'data': 'cvss_score'},
			{'data': 'cve_ids'},
			{'data': 'cwe_ids'},
			{'data': 'http_url'},

			{'data': 'description'},
			{'data': 'references'},

			{'data': 'discovered_date'},

			{'data': 'open_status'},

			{'data': 'hackerone_report_id'},

			// extras
			{'data': 'extracted_results'},
			{'data': 'curl_command'},
			{'data': 'matcher_name'},
		],
		"columnDefs": [
			{ "orderable": false, "targets": [8, 11]},
			{
				"targets": [3, 4, 5, 9, 12, 16, 17, 18],
				"visible": false,
				"searchable": true,
			},
			{"className": "text-center", "targets": []},
			{
				"render": function ( data, type, row ) {
					if(row['open_status']){
						return `<div class="form-check mb-2 form-check-primary"><input type="checkbox" name="targets_checkbox['+ e + ']" class="float-start form-check-input" onchange="vuln_status_change(this, `+data+`);">\n<span class="new-control-indicator"></span><span style="visibility:hidden">c</span></div>`;
					}
					else{
						return `<div class="form-check mb-2 form-check-primary"><input type="checkbox" checked name="targets_checkbox['+ e + ']" class="float-start form-check-input" onchange="vuln_status_change(this, `+data+`);">\n<span class="new-control-indicator"></span><span style="visibility:hidden">c</span></div>`;
					}
				},
				"targets": 0,
			},
			{
				"render": function ( data, type, row ) {
					if (data) {
						return `<span class="badge badge-soft-primary">&nbsp;&nbsp;${data.toUpperCase()}&nbsp;&nbsp;</span>`;
					}
				},
				"targets": 1,
			},
			{
				"render": function ( data, type, row ) {
					var tags = '';
					var cvss_metrics_badge = '';
					switch (row['severity']) {
						case 'Info':
						color = 'primary';
						badge_color = 'soft-primary';
						break;
						case 'Low':
						color = 'low';
						badge_color = 'soft-warning';
						break;
						case 'Medium':
						color = 'warning';
						badge_color = 'soft-warning';
						break;
						case 'High':
						color = 'danger';
						badge_color = 'soft-danger';
						break;
						case 'Critical':
						color = 'critical';
						badge_color = 'critical';
						break;
						case 'Unknown':
						color = 'info';
						badge_color = 'soft-info';
						break;
						default:
					}
					if (row['tags']) {
						tags = '<div>';
						row['tags'].forEach(tag => {
							tags += `<span class="badge badge-${badge_color} me-1 mb-1" data-toggle="tooltip" data-placement="top" title="Tags">${tag.name}</span>`;
						});
						tags += '</div>';
					}
					if (row['cvss_metrics']) {
						cvss_metrics_badge = `<div><span class="badge badge-outline-primary my-1" data-toggle="tooltip" data-placement="top" title="CVSS Metrics">${row['cvss_metrics']}</span></div>`;
					}
					hackerone_report = row['hackerone_report_id'] ? `<div><a class="badge badge-soft-danger mt-1 me-1" href="https://hackerone.com/reports/${row['hackerone_report_id']}" target="_blank">Reported to hackerone</a></div>` : "";
					return `<b class="text-${color}">` + data + `</b>` + cvss_metrics_badge + tags + hackerone_report;
				},
				"targets": 2,
			},
			{
				"render": function ( data, type, row ) {
					return get_severity_badge(data);
				},
				"targets": 6,
			},
			{
				"render": function ( data, type, row ) {
					if (data) {
						if (data > 0.1 && data <= 3.9) {
							badge = 'info';
						}
						else if (data > 3.9 && data <= 6.9) {
							badge = 'warning';
						}
						else if (data > 6.9 && data <= 8.9) {
							badge = 'danger';
						}
						else{
							badge = 'danger';
						}
						return `<span class="badge badge-outline-${badge}" data-toggle="tooltip" data-placement="top" title="CVSS Score">${data}</span>`;
					}
					return '';
				},
				"targets": 7,
			},
			{
				"render": function ( data, type, row ) {
					cve_cwe_badge = '<div>';

					if (row['cve_ids']) {
						row['cve_ids'].forEach(cve => {
							cve_cwe_badge += `<a href="#" onclick="get_and_render_cve_details('${cve.name.toUpperCase()}')" class="badge badge-outline-primary me-1 mt-1" data-toggle="tooltip" data-placement="top" title="CVE ID">${cve.name.toUpperCase()}</a>`;
						});
					}
					if (row['cwe_ids']) {
						row['cwe_ids'].forEach(cwe => {
							cve_cwe_badge += `<a href="https://google.com/search?q=${cwe.name.toUpperCase()}" target="_blank" class="badge badge-outline-primary me-1 mt-1" data-toggle="tooltip" data-placement="top" title="CWE ID">${cwe.name.toUpperCase()}</a>`;
						});
					}
					return cve_cwe_badge + '</div>';
				},
				"targets": 8,
			},
			{
				"render": function ( data, type, row ) {
					if (data.includes('http')) {
						return "<a href='"+htmlEncode(data)+"' target='_blank' class='text-danger'>"+htmlEncode(data)+"</a>";
					}
					return data;
				},
				"targets": 10,
			},
			{
				"render": function ( data, type, row ) {
					description = row['description'] ? `<div>${row['description']}</div>` : '';
					// show extracted results, and show matcher names, matcher names can be in badges
					if (row['matcher_name']) {
						description += `<span class="badge badge-soft-primary" data-toggle="tooltip" data-placement="top" title="Matcher Name">${row['matcher_name']}</span>`;
					}

					if (row['extracted_results'] && row['extracted_results'].length > 0) {
						description += `<br><a class="mt-2" data-bs-toggle="collapse" href="#results_${row['id']}" aria-expanded="false" aria-controls="results_${row['id']}">Extracted Results <i class="fe-chevron-down"></i></a>`;
						description += `<div class="collapse" id="results_${row['id']}"><ul>`;
						row['extracted_results'].forEach(results => {
							description += `<li>${results}</li>`;
						});
						description += '</ul></div>';
					}

					if (row['references'] && row['references'].length > 0) {
						description += `<br><a class="mt-2" data-bs-toggle="collapse" href="#references_${row['id']}" aria-expanded="false" aria-controls="references_${row['id']}">References <i class="fe-chevron-down"></i></a>`;
						description += `<div class="collapse" id="references_${row['id']}"><ul>`;
						row['references'].forEach(reference => {
							description += `<li><a href="${reference.url}" target="_blank">${reference.url}</a></li>`;
						});
						description += '</ul></div>';
					}

					if (row['curl_command']) {
						description += `<br><a class="mt-2" data-bs-toggle="collapse" href="#curl_command_${row['id']}" aria-expanded="false" aria-controls="curl_command_${row['id']}">CURL command <i class="fe-terminal"></i></a>`;
						description += `<div class="collapse" id="curl_command_${row['id']}"><ul>`;
						description += `<li><code>${htmlEncode(row['curl_command'])}</code></li>`;
						description += '</ul></div>';
					}

					return description;
				},
				"targets": 11,
			},
			{
				"render": function ( data, type, row ) {
					if (data){
						return '<span class="badge badge-soft-danger">&nbsp;&nbsp;OPEN&nbsp;&nbsp;</span>'
					}
					else{
						return '<span class="badge badge-soft-success">&nbsp;&nbsp;RESOLVED&nbsp;&nbsp;</span>'
					}
				},
				"targets": 14,
			},
			{
				"render": function ( data, type, row ) {
					if (!data){
						return `
						<div class="btn-group mb-2 dropstart">
						<a href="#" class="text-dark dropdown-toggle float-end" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-more-horizontal"><circle cx="12" cy="12" r="1"></circle><circle cx="19" cy="12" r="1"></circle><circle cx="5" cy="12" r="1"></circle></svg>
						</a>
						<div class="dropdown-menu" style="">
						<a class="dropdown-item" href="javascript:report_hackerone(${row['id']}, '${row['severity']}');">Report to Hackerone</a>
						</div>
						</div>`;
					}
					else{
						return '';
					}
				},
				"targets": 15,
			},
		],
		drawCallback: function (settings) {
			drawCallback_api = this.api();

			if(!$('#vuln_type_checkbox').is(":checked")){
				vulnerability_table.column(1).visible(false);
			}

			if(!$('#vuln_severity_checkbox').is(":checked")){
				vulnerability_table.column(6).visible(false);
			}
			if(!$('#vuln_cvss_score_checkbox').is(":checked")){
				vulnerability_table.column(7).visible(false);
			}
			if(!$('#vuln_cve_cwe_checkbox').is(":checked")){
				vulnerability_table.column(8).visible(false);
			}
			if(!$('#vuln_vulnerable_url_checkbox').is(":checked")){
				vulnerability_table.column(10).visible(false);
			}
			if(!$('#vuln_description_checkbox').is(":checked")){
				vulnerability_table.column(11).visible(false);
			}
			if(!$('#vuln_discovered_on_checkbox').is(":checked")){
				vulnerability_table.column(13).visible(false);
			}
			if(!$('#vuln_status_checkbox').is(":checked")){
				vulnerability_table.column(14).visible(false);
			}

		},
		createdRow: function( row, data, dataIndex ) {
			if (!data['open_status']){
				$(row).addClass('table-success text-strike');
			}
		},
	});

	$('#vulnerability-search-button').click(function () {
		vulnerability_table.search($('#vulnerability-search').val()).draw() ;
	});

	$('input[name=vuln_type_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(1).visible(true);
		} else {
			vulnerability_table.column(1).visible(false);
		}
		window.localStorage.setItem('vuln_type_checkbox', $(this).is(':checked'));
	});

	$('input[name=vuln_severity_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(6).visible(true);
		} else {
			vulnerability_table.column(6).visible(false);
		}
		window.localStorage.setItem('vuln_severity_checkbox', $(this).is(':checked'));
	});

	$('input[name=vuln_cvss_score_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(7).visible(true);
		} else {
			vulnerability_table.column(7).visible(false);
		}
		window.localStorage.setItem('vuln_cvss_score_checkbox', $(this).is(':checked'));
	});

	$('input[name=vuln_cve_cwe_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(8).visible(true);
		} else {
			vulnerability_table.column(8).visible(false);
		}
		window.localStorage.setItem('vuln_cve_cwe_checkbox', $(this).is(':checked'));
	});

	$('input[name=vuln_vulnerable_url_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(10).visible(true);
		} else {
			vulnerability_table.column(10).visible(false);
		}
		window.localStorage.setItem('vuln_vulnerable_url_checkbox', $(this).is(':checked'));
	});

	$('input[name=vuln_description_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(11).visible(true);
		} else {
			vulnerability_table.column(11).visible(false);
		}
		window.localStorage.setItem('vuln_description_checkbox', $(this).is(':checked'));
	});

	$('input[name=vuln_discovered_on_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(13).visible(true);
		} else {
			vulnerability_table.column(13).visible(false);
		}
		window.localStorage.setItem('vuln_discovered_on_checkbox', $(this).is(':checked'));
	});

	$('input[name=vuln_status_checkbox]').change(function() {
		if ($(this).is(':checked')) {
			vulnerability_table.column(14).visible(true);
		} else {
			vulnerability_table.column(14).visible(false);
		}
		window.localStorage.setItem('vuln_status_checkbox', $(this).is(':checked'));
	});
	// TODO: Add Grouping
	// $('input[name="grouping_type"]').on('change', function(e) {
	// 	var groupColumn = 2;
	// 	switch (this.value) {
	// 		case 'name':
	// 			groupColumn = 2;
	// 			break;
	// 		case 'type':
	// 			groupColumn = 1;
	// 			break;
	// 		case 'url':
	// 			groupColumn = 10;
	// 			break;
	// 	}
	// 	vulnerability_table.order([[groupColumn, 'asc']]).draw();
	// 	var api = $(`#vulnerability_results`).dataTable().api();
	// 	var rows = api.rows( {page:'current'} ).nodes();
	// 	var last=null;
	// 	api.column(groupColumn, {page:'current'} ).data().each( function ( group, i ) {
	// 		if ( last !== group ) {
	// 			$(rows).eq( i ).before(
	// 				'<tr class="group"><td colspan="11">'+group+'</td></tr>'
	// 			);
	// 			last = group;
	// 		}
	// 	});
	// });

});

var vulnerability_cols = [
		'vuln_type_checkbox',
		'vuln_severity_checkbox',
		'vuln_cvss_score_checkbox',
		'vuln_cve_cwe_checkbox',
		'vuln_vulnerable_url_checkbox',
		'vuln_description_checkbox',
		'vuln_discovered_on_checkbox',
		'vuln_status_checkbox'
	];

	for (var col in vulnerability_cols) {
		if(window.localStorage.getItem(vulnerability_cols[col]) != null && window.localStorage.getItem(vulnerability_cols[col]) === 'false'){
			$('#' + vulnerability_cols[col]).prop('checked', false);
		}
	}

</script>
{% endblock page_level_script %}
